LibreChat/client/src/utils
Dustin Healy d65c228cea fix(mcp): address second round of Codex review findings
Fixes 13 correctness issues flagged in the second Codex review pass on the
feat/mcp-apps-support branch.

Core server-side changes: resource URI and model-only-tool caches are now
scoped per user/server key so OAuth and user-sourced servers with differing
tool lists cannot cross-contaminate each other. The model-only visibility check
in appToolCall now blocks iframe-initiated calls to tools declared as
visibility: ['model']. appToolCall also runs processMCPEnv to resolve runtime
env/user vars and set request headers before forwarding to tools/call, and
throws for servers that require per-call OBO token minting (unsupported in this
path). parsers.ts now includes structuredContent in the synthetic resourceId
hash to guarantee uniqueness across repeated same-app calls with different
results, skips the early-return guard when a synthetic app resource is present,
appends the ui{} marker to the synthetic text block, and forwards the raw
content array alongside structuredContent so text/image-only app results are
not silently dropped.

Client-side changes: fetchMCPResourceHtml now returns the full _meta.ui from
the resources/read content item so CSP and permissions come from the canonical
location in the spec rather than the tool descriptor. useAppBridge falls back
to the resource-level values when the read result carries no overrides.
The sandbox retry interval clears when sandbox-resource-ready arrives, fixing
the race where the ready notification arrived before the transport was
connected. The size-change handler in MCPUIResource and UIResourceCarousel now
applies the reported height to the wrapper element, and MCPUIResource's iframe
style uses height: 100% so inline apps are not clipped. The carousel loading
placeholder now uses the localized key. Dockerfile.multi copies the sandbox
from client/dist (the Vite output) rather than the source tree, which is the
only path present in the multi-stage runtime image. baseUriDomains from the
CSP config are now honoured in buildCspPolicy instead of always emitting
base-uri 'self'. serverResources was removed from the AppBridge capabilities
advertisement because no resource handlers are registered on the bridge.
2026-06-23 18:18:51 -07:00
..
__tests__ 🗜️ fix: Support Windows ZIP MIME Uploads (#13794) 2026-06-16 11:19:06 -04:00
agents.tsx 📌 feat: Pin Agents and Models in the Sidebar (#10634) 2025-12-11 16:38:20 -05:00
artifacts.ts 🛡️ fix: Harden Artifact Routing Lookups (#13069) 2026-05-11 15:42:44 -04:00
buildDefaultConvo.ts 🎭 feat: Override Custom Endpoint Schema with Specified Params Endpoint (#11788) 2026-02-13 23:04:51 -05:00
buildTree.ts 🐛 fix: String Interpolation in Messages Endpoint from #9155 (#9312) 2025-08-27 13:48:48 -04:00
citations.ts 📑 refactor: File Search Citations Dual-Format Unicode Handling (#10888) 2025-12-10 13:25:56 -05:00
cleanupPreset.ts 🎭 feat: Override Custom Endpoint Schema with Specified Params Endpoint (#11788) 2026-02-13 23:04:51 -05:00
cn.ts
collection.ts 📁 refactor: Prompts UI (#11570) 2026-03-22 16:56:22 -04:00
configHtml.ts feat: Surface Model Spec Branding on Landing and Selector (#13662) 2026-06-10 21:02:22 -04:00
conversation.ts 🧯 fix: Harden Data Retention Semantics (#13049) 2026-05-19 21:58:42 -04:00
conversationTags.spec.ts 👷 ci: Type-check the Client Workspace (#13560) 2026-06-06 18:40:31 -04:00
conversationTags.ts
convos.fakeData.ts 🔧 chore: Update ESLint Config & Run Linter (#10986) 2025-12-15 17:55:25 -05:00
convos.spec.ts 🔖 feat: Add Pinned Conversations (#13492) 2026-06-17 20:26:55 -04:00
convos.ts 🔖 feat: Add Pinned Conversations (#13492) 2026-06-17 20:26:55 -04:00
createChatSearchParams.spec.ts feat: implement search parameter updates (#7151) 2025-05-09 13:03:33 -04:00
createChatSearchParams.ts 🌐 fix: Preserve URL Query Params Through Auth Refresh and Conversation Init (#12028) 2026-03-02 23:32:53 -05:00
downloadFile.ts 🧭 fix: Navigate Signed CDN Downloads (#12998) 2026-05-07 13:36:57 -04:00
drafts.ts 🫧 refactor: Clear Drafts and Surface Error on Expired SSE Stream (#12309) 2026-03-19 14:51:28 -04:00
email.ts 📬 feat: Agent Support Email Address Validation (#9128) 2025-08-19 11:07:01 -04:00
endpoints.spec.ts 📂 refactor: Cleanup File Filtering Logic, Improve Validation (#10414) 2025-11-10 19:05:30 -05:00
endpoints.ts 🛬 fix: Prevent Viewed Conversations from Re-Arming the Soft Default Spec (#13699) 2026-06-11 20:52:17 -04:00
errors.ts 🧭 fix: Robust 404 Conversation Not Found Redirect (#11853) 2026-02-18 11:41:53 -05:00
favoritesError.ts 📜 feat: Skills UI + Initial E2E CRUD / Sharing (#12580) 2026-04-25 04:02:00 -04:00
files.ts 🧩 feat: Redesign Tool Call UI with Contextual Icons, Smart Grouping, and Rich Output Rendering (#12163) 2026-03-25 12:31:39 -04:00
forms.tsx 👤 feat: Agent Avatar Removal and Decouple upload/reset from Agent Updates (#10527) 2025-11-17 17:04:01 -05:00
getDefaultEndpoint.ts 🔃 refactor: Streamline Navigation, Message Loading UX (#7118) 2025-04-28 18:18:13 -04:00
getLoginError.ts
getThemeFromEnv.js 📦 feat: Move Shared Components to @librechat/client (#8685) 2025-07-27 12:19:01 -04:00
groupToolCalls.ts 🧩 feat: Redesign Tool Call UI with Contextual Icons, Smart Grouping, and Rich Output Rendering (#12163) 2026-03-25 12:31:39 -04:00
heicConverter.spec.ts ⚙️ refactor: Lazy-load HEIC upload conversion (#13638) 2026-06-10 08:47:17 -04:00
heicConverter.ts ⚙️ refactor: Lazy-load HEIC upload conversion (#13638) 2026-06-10 08:47:17 -04:00
icons.ts 🖼️ fix: Preserve Model Spec Icon URLs (#13370) 2026-05-30 09:50:27 -04:00
imageResize.ts 👷 ci: Type-check the Client Workspace (#13560) 2026-06-06 18:40:31 -04:00
index.ts feat(mcp-apps): spec compliance pass on AppBridge implementation 2026-06-23 14:16:10 -07:00
json.ts
languages.ts
latex.spec.ts 💲 fix: Prevent Single-dollar LaTeX for abbrev. Currency (K, M, B) (#9293) 2025-08-26 23:33:56 -04:00
latex.ts 💲 fix: Prevent Single-dollar LaTeX for abbrev. Currency (K, M, B) (#9293) 2025-08-26 23:33:56 -04:00
localStorage.ts 💾 chore: Enhance Local Storage Handling and Update MCP SDK (#6809) 2025-04-09 18:38:48 -04:00
logger.ts 🗝️ fix: React Key Props and Minor UI Fixes from a11y Updates (#10954) 2025-12-12 23:09:05 -05:00
map.ts 🔒 feat: View/Delete Shared Agent Files (#8419) 2025-07-12 01:52:46 -04:00
markdown.ts 🔄 refactor: Migrate to react-resizable-panels v4 with Artifacts Header polish (#12356) 2026-03-22 02:21:27 -04:00
mcpApps.ts fix(mcp): address second round of Codex review findings 2026-06-23 18:18:51 -07:00
memory.ts 🧠 feat: User Memories for Conversational Context (#7760) 2025-06-07 18:52:22 -04:00
mermaid.ts 🧜‍♂️ fix: Preserve Mermaid foreignObject HTML in Sanitized SVG (#12819) 2026-04-29 09:37:38 +09:00
messages.ts feat: Show Message Timestamps on Hover (#13709) 2026-06-14 09:39:52 -04:00
presets.ts 🏷️ refactor: EditPresetDialog UI and Remove chatGptLabel from Presets (#7543) 2025-05-24 19:24:42 -04:00
previewCache.ts 🎞️ refactor: Image Rendering with Preview Caching and Layout Reservation (#12114) 2026-03-06 19:09:52 -05:00
promptGroups.ts 📁 refactor: Prompts UI (#11570) 2026-03-22 16:56:22 -04:00
prompts.ts 🗓️ feat: Add Special Variables for Prompts & Agents, Prompt UI Improvements (#7123) 2025-04-29 03:49:02 -04:00
redirect.ts 🔒 fix: Request interceptor for Shared Link Page Scenarios (#12036) 2026-03-03 12:03:33 -05:00
resetConvo.ts
resources.ts 🔗 feat: Add Granular Access Control to Shared Links via ACL System (#13051) 2026-06-03 14:17:17 -04:00
roles.ts 🔗 feat: Add Granular Access Control to Shared Links via ACL System (#13051) 2026-06-03 14:17:17 -04:00
routes.ts 🤝 feat: View Artifacts in Shared Conversations (#10477) 2025-11-13 16:59:46 -05:00
scaleImage.ts 🧩 feat: Redesign Tool Call UI with Contextual Icons, Smart Grouping, and Rich Output Rendering (#12163) 2026-03-25 12:31:39 -04:00
share.ts 🔗 fix: Share Links Respect Custom Base Path (#11087) 2025-12-24 17:59:40 -05:00
subagentContent.ts 🪆 feat: Subagent configuration in Agent Builder (#12725) 2026-04-25 04:02:01 -04:00
textarea.ts
tilde.spec.ts 🔢 fix: Prevent "approximately" tildes from rendering as markdown subscript (#13743) 2026-06-14 16:59:12 -04:00
tilde.ts 🔢 fix: Prevent "approximately" tildes from rendering as markdown subscript (#13743) 2026-06-14 16:59:12 -04:00
timestamps.ts 📌 fix: Exclude Pinned Keys from Cleanup and Fix MCP Pin State (#9867) 2025-09-27 17:21:48 -04:00
tokens.spec.ts 🩹 fix: Bill Anthropic Prompt-Cache Tokens Once (#13798) 2026-06-16 14:28:48 -04:00
tokens.ts 🪙 fix: Correct Context Usage Gauge After Summarization (#13744) 2026-06-14 18:23:30 -04:00
toolLabels.ts 🖥️ style: Render Bash PTC Calls With Bash UI (#13046) 2026-05-10 14:09:04 -04:00